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is the predominant directory access protocol for the Internet, and hence for the Web 
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complete structure of the abstract values. As a result, LDAP match ... 
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Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 
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Location-aware applications are becoming increasingly attractive due to the widespread 
dissemination of wireless networks and the emergence of small and cheap locating 
technologies. We developed a location information server that simplifies and speeds up 
the development of these applications by offering a set of generic location retrieval and 
notification services to the application. The data model and the access protocols of these 
services are based on the X.500 directory service and the I ... 
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Academic Technology Tools for Instructional Computing (ATTIC) is Drew University's 
system of shared file space, collaborative groups, discussions, email lists, and Web pages 
that are automatically configured for every faculty and student, using an industry- 
standard, Lightweight Directory Access Protocol (LDAP) compliant directory (Novell 
eDirectory 8.5.) ATTIC services are provided by a heterogeneous environment of NetWare 
5.1 and Linux systems and rely on LDAP integration and scripting in Perl, ... 
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Problems arise when a protocol initially developed to simplify access to a distributed 
directory failed to take into account all the uses the directory was originally intended for. 
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Heirarchically structured directories have recently proliferated with the growth of the 
Internet, and are being used to store not only address books and contact information for 
people, but also personal profiles, network resource information, and network and service 
policies. These systems provide a means for managing scale and heterogeneity, while 
allowing for conceptual unity and autonomy across multiple directory servers in the 
network, in a way for superior to what conventional relation ... 
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Drew has been providing computers to students since 1984. Many universities have 
ubiquitous computing programs where students receive a laptop computer as part of their 
educational package. These programs reduce the dependence on and management issues 
of traditional computer labs, and allow 24x7 computing access to every student at the 
University. Drew also provides Novell Directory Services (NDS) accounts to all of these 
students, and utilizes Novell ZENworks to customize software, personalize ... 
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Computing Lab managers face unique challenges when providing an easily-maintainable 
and secure yet customizable work environment for students across multiple computers 
and computer labs, especially in media rich environments. An examination of the 
implementation of network home directories and user environment controls at University 
of Oregon School of Journalism & Communication highlights the practical system 
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XML (extensible Markup Language) has emerged as a prevalent standard for document 
representation and exchange on the Web. It is often the case that XML documents contain 
information of different sensitivity degrees that must be selectively shared by (possibly 
large) user communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. Mechanisms 
are also required enabling a secure and selective dissemina ... 
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It has been our effort at Ringling school to provide our campus community with the 
capability to uniformly access resources across multiple platforms. Empowering the user 
with a single sign-on capability has multifold benefits. It greatly improves user experience 
and relieves the user from the burden of remembering multiple user-id and password 
pairs. On the administrative side, help desk costs are noticeably reduced and security 
improved, as users are not tempted to 'store' multiple passwords i ... 
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Single sign-on is one step closer as we replace /etc/passwd entries with a centralized 
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The key driving force behind general-purpose enterprise directory services is for providing 
a central repository for commonly and widely used information such as users, groups, 
network service access information and profiles, security information, etc. Acceptance of 
the Lightweight Directory Access Protocol (LDAP) as an access protocol has facilitated 
widespread integration of these directory services into the network infrastructure and 
applications. 
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Due to the positive response of our fall 2002 OS X deployment and our desire to provide 
the campus community with the latest and greatest tools, we upgraded our instructional 
computer laboratories to Jaguar, Macintosh OS X version 10.2 in the fall of 2003. 

This paper will outline the procedures we implemented our second time around. We shall 
discuss the items we did differently such as LDAP authentication, font management, 
application support, user training, login and logout hooks, pri ... 
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This paper discusses the challenges of putting Apple Macintosh OSX into open access and 
computer lab environments. 
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Location-aware applications are becoming increasingly attractive due to the widespread 
dissemination of wireless networks and the emergence of small and cheap locating 
technologies. We developed a location information server that simplifies and speeds up 
the development of these applications by offering a set of generic location retrieval and 
notification services to the application. The data model and the access protocols of these 
services are based on the X.500 directory service and the I ... 
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XML (extensible Markup Language) has emerged as a prevalent standard for document 
representation and exchange on the Web. It is often the case that XML documents contain 
information of different sensitivity degrees that must be selectively shared by (possibly 
large) user communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. Mechanisms 
are also required enabling a secure and selective dissemina ... 



http://portaLacm.org/resu^ 



9/27/2007 



Results (page 1); ldap access directory add delete modify 

Keywords: Access control, XML, secure distribution 



Page 2 of 6 



Im prov i n g the g ranu l ari ty o f ac cess control f or Win d o ws 2 00 0 

Michael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon 

Chan, Mario Goertzel, Gregory Jensenworth 

November 2002 ACM Transactions on Information and System Security (TISSEC), 

Volume 5 Issue 4 
Publisher: ACM Press 

_ ■■ , , ., u. « maa-, 7o i/d\ Additional Information: full citation , abstract , references , citings, index 
Full text available: 153 pdf (447,78 KB). , : 

^ terms, re view 

This article presents the mechanisms in Windows 2000 that enable fine-grained and 
centrally managed access control for both operating system components and applications. 
These features were added during the transition from Windows NT 4.0 to support the 
Active Directory, a new feature in Windows 2000, and to protect computers connected to 
the Internet. While the access control mechanisms in Windows NT are suitable for file 
systems and applications with simple requirements, they fall short of the ... 

Keywords: Access control lists, Microsoft Windows 2000, Windows NT, active directory * 
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Sander van Vugt 

September 2001 Linux Journal, volume 2001 issue 89 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: g| html(21.59 KB) Additional Information: f ull cit atio n , abst r ac t, index terms 
Lighter data retrieval and an alternative to NIS. 

6 Access cont r ol w i t h I BM Ti vo li acces s manager 

Gunter Karjoth 

May 2003 ACM Transactions on Information and System Security (TISSEC), volume 6 

Issue 2 
Publisher: ACM Press 

-. u. 0 -o C 7 n-7 i/d\ Additional Information: fu^ 
Full text available: ^pdf( 367.07 KB) terms"" 

Web presence has become a key consideration for the majority of companies and other 
organizations. Besides being an essential information delivery tool, the Web is 
increasingly being regarded as an extension of the organization itself, directly integrated 
with its operating processes. As this transformation takes place, security grows in 
importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication 
and access management, technologies that have begun to emerge in the com ... 

Keywords: Access control, WWW security, Web servers, authorization management 
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^ Michael Richichi, Paul Coen 
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Publisher: ACM Press 

*. u. » JMOC „ DX Additional Information: full citation , abstract , references , citings, index 
Full text available: ^ pdf(285.27 KB ) terms 

Drew has been providing computers to students since 1984. Many universities have 
ubiquitous computing programs where students receive a laptop computer as part of their 
educational package. These programs reduce the dependence on and management issues 
of traditional computer labs, and allow 24x7 computing access to every student at the 
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University. Drew also provides Novell Directory Services (NDS) accounts to all of these 
students, and utilizes Novell ZENworks to customize software, personalize ... 

Keywords: LDAP, ZENworks, directory services, eDirectory, laptop programs, 
management, ubiquitous computing 
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Full text available: g) htm l(3 1.10 KB ) Additional Information: full citation, abstract, inde^lemis 

A new version of Samba makes this company-wide directory solution even more capable 
than before. 

9 Larg e-scale ma il wi t h P os tf i x , QpenLDAP and courier 

Dave Dribin, Keith Garner 

February 2003 Linux Journal, volume 2003 issue 106 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: g[ html(25.24 KB ) Additional Information: full citation , abstract, index terms 
Here's a flexible solution for hosting mail for many domains on one server. 

10 Regaining sing le si g n-on tamin g the beast 
Divyangi Anchan, Mahmoud Pegah 

September 2003 Proceedings of the 31st annual ACM SIGUCCS conference on User 

services SIGUCCS '03 
Publisher: ACM Press 

Full text available: ^ pdf(217.34 KB ) Additional Information: full ci tation , abstract, references, ind^xterms 

It has been our effort at Ringling school to provide our campus community with the 
capability to uniformly access resources across multiple platforms. Empowering the user 
with a single sign-on capability has multifold benefits. It greatly improves user experience 
and relieves the user from the burden of remembering multiple user-id and password 
pairs. On the administrative side, help desk costs are noticeably reduced and security 
improved, as users are not tempted to 'store' multiple passwords i ... 

Keywords: LDAP, RPC, account synchronization, active directory (AD), active directory 
service interfaces (ADSI), password synchronization, single sign-on 
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Today, organizations deal with- an ever-increasing number of documents that have to be 
archived because they are either related to their core business (e.g., product designs) or 
needed to meet corporate or legal retention requirements (e.g., voucher). In this paper, 
we present the architecture and prototype implementation of SaveMe, a document 
archival system that is based on network-centric groupware such as Internet standards- 
based messaging systems. In SaveMe, the actions of archiving, retriev 

Keywords: Internet, archiving, groupware, messaging ' 
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Publisher: ACM Press 

r- .. . ^ -, u, a> ^r/coo nn i^dx Additional Information: f ull cit ation, abstract , ref erenc es, citings, index 

Full text available: Wl pdf(528.00 KB) t 
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XML is the undisputed standard for data representation and exchange. As companies 
transact business over the Internet, letting authorized customers directly access, and 
even modify, XML data offers many advantages in terms of cost, accuracy, and 
timeliness. Given the complex business relationships between companies, and the 
sensitive nature of information, access must be provided selectively, using sophisticated 
access control specifications. Using the specification directly to determine if a us ... 

Keywords: Access control, XML, structural locality 



13 A case study: implementin g novell identity mana g ement at Drew Universit y 
E. Axel Larsson 

>/ November 2005 Proceedings of the 33rd annual ACM SIGUCCS conference on User 
services SIGUCCS '05 
Publisher: ACM Press 

Full text available: ^|pdf(271.44 KB ) Additional Information: full c i tation , abstract, references, LnjtexMms 

Starting in 2003, Drew University began a process to replace its manual account 
management procedures with an automated provisioning system based upon Novell 
technologies. Over the past two years, the scope of this project has expanded beyond 
managing network accounts, to include providing identity and data integration services for 
a wide variety of third-party and home-grown applications encompassing everything form 
our campus ID card system to an admitted students' portal.This paper will prese ... 

Keywords: DirXML, active directory, directory services, eDirectory, identity 
management, novell, password management, single sign on 



14 Challenge s in dis t ri bu te d systems: Managing heterog e n e ous dis t ri b u te d com puting Q 

s ystems: usin g information repositories 
Gerald A. Winters, Toby J. Teorey 

October 1993 Proceedings of the 1993 conference of the Centre for Advanced Studies 
on Collaborative research: distributed computing - Volume 2 CASCON 
"93 

Publisher: IBM Press 

Full text available: ^£)pdf(1.20 MB) Additional Information: full citation , abstract, references , citings 

An integral part of managing heterogeneous distributed computing systems is an 
information repository. The ultimate goal of our research is to specify a methodology for 
the design, analysis, and comparison of information repositories for such systems. We 
first outline the general characteristics of data repositories, including requirements and 
data model features. Then we build an experimental prototype system to test two 
candidate repositories: X.500 and AFS (Andrew File System). Performance an ... 



15 Applic ations: Ru l e su pport for rol e - base d access control 

y£v Axel Kern, Claudia Walhorn 

v June 2005 Proceedings of the tenth ACM symposium on Access control models and 
technologies SACMAT '05 

Publisher: ACM Press 

Full text available: pdf( 218.86 KB ) Additional Information: ful l citation, abs tract, references, indexjeims 

The administration of users and access rights in large enterprises is a complex and 
challenging task. Role-based access control (RBAC) is a powerful concept for simplifying 
access control. In particular, Enterprise Roles spanning across different IT systems are 
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increasingly used as a basis for company-wide security management. However, the 
administration of roles in large organisations can become quite cumbersome and needs to 
be automated. During the past years, rules have been used to support au ... 

Keywords: SAM Jupiter, automated identity management, directoriescase studies, 
enterprise role-based access control (ERBAC), provisioning engine, role-based access 
control (RBAC), rule engine, rulesaccess rights, security administration, security 
provisioning 
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17 Detectin g past and present intrusions throu g h vulnerabilit y-specific predicates | 
Ashlesha Joshi, Samuel T. King, George W. Dunlap, Peter M. Chen 

October 2005 ACM SIGOPS Operating Systems Review , Proceedings of the twentieth 
ACM symposium on Operating systems principles SOSP '05, volume 39 issue 
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Publisher: ACM Press 
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Full text available: ]g)pdf(261.66 KB) terms 

Most systems contain software with yet-to-be-discovered security vulnerabilities. When a 
vulnerability is disclosed, administrators face the grim reality that they have been running 
software which was open to attack. Sites that value availability may be forced to continue 
running this vulnerable software until the accompanying patch has been tested. Our goal 
is to improve security by detecting intrusions that occurred before the vulnerability was 
disclosed and by detecting and responding to intr ... 

Keywords: IntroVirt, intrusion detection, semantic gap, virtual-machine introspection, 
virtual-machine replay, vulnerability-specific predicates 



18 A Jini-based computin g portal s ystem 

Toyotaro Suzumura, Satoshi Matsuoka, Hidemoto Nakada 
^ November 2001 Proceedings of the 2001 ACM/IEEE conference on Supercomputing 
(CDROM) Supercomputing '01 
Publisher: ACM Press 
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Full text available: TO pdf(197.53 KB ) 

y£=s ' terms 

JiPANG(A Jini-based Portal Augmenting Grids) is a portal system and a toolkit which 
provides uniform access interface layer to a variety of Grid systems, and is built on top of 
Jini distributed object technology. JiPANG performs uniform higher-level management of 
the computing services and resources being managed by individual Grid systems such as 
Ninf, NetSolve, Globus, etc. In order to give the user a uniform interface to the Grids 
JiPANG provides a set of simple Java APIs called the JiPANG To ... 

19 Operating sy stems secu rity: Attestat ion-based policy enforcement fo r re mote access 

Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert van Doom 
October 2004 Proceedings of the 11th ACM conference on Computer and 

communications security CCS '04 
Publisher: ACM Press 
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Intranet access has become an essential function for corporate users. At the same time, 
corporation's security administrators have little ability to control access to corporate data 
once it is released to remote clients. At present, no confidentiality or integrity guarantees 
about the remote access clients are made, so it is possible that an attacker may have 
compromised a client process and is now downloading or modifying corporate data. Even 
though we have corporate-wide access control over ... 

Keywords: remote access, security management, trusted domputing 

20 A taxonomy of Data Grids for distributed data sharin g, management, and processing D 

#Srikumar Venugopal, Rajkumar Buyya, Kotagiri Ramamohanarao 
June 2006 ACM Computing Surveys (CSUR), volume 38 issue l 

Publisher: ACM Press 

Full text available: ^p|pdf( 1 . 70 MB ) Additional Information: full cit a tion, abstract, references, index teims 

Data Grids have been adopted as the next generation platform by many scientific 
communities that need to share, access, transport, process, and manage large data 
collections distributed worldwide. They combine high-end computing technologies with 
high-performance networking and wide-area storage management techniques. In this 
article, we discuss the key concepts behind Data Grids and compare them with other data 
sharing and distribution paradigms such as content delivery networks, peer-to-peer n ... 

Keywords: Grid computing, data-intensive applications, replica management, virtual 
organizations 
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1 Location-aware mobile applications based on directory services 
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August 1998 Mobile Networks and Applications, volume 3 issue 2 
Publisher: Kluwer Academic Publishers 

Additional Information: full citation , a bstract , r eferences , citings, jadex 
terms 



Full text available: fBpdff 42 1.47 KB ) 



Location-aware applications are becoming increasingly attractive due to the widespread 
dissemination of wireless networks and the emergence of small and cheap locating 
technologies. We developed a location information server that simplifies and speeds up 
the development of these applications by offering a set of generic location retrieval and 
notification services to the application. The data model and the access protocols of these 
services are based on the X.500 directory service and the I ... 



2 Location-aware mobile a p plications based on director y services 
Henning MaaB 

September 1997 Proceedings of the 3rd annual ACM/IEEE international conference on 
Mobile computing and networking MobiCom '97 

Publisher: ACM Press 

Full text available: ^ pdfd.59 MB ) Additional Information: full citation , references , citings, index terms 



Keywords: LDAP, X.500, adaptive applications, directory services, distributed systems, 
locating systems, location-aware applications, middleware, mobile computing, software 
architectures, wireless multimedia networks 
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Lighter data retrieval and an alternative to NIS. 
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Stefan Berchtold, Alexandras Biliris, Euthimios Panagos 
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^ t er m s 

Today, organizations deal with an ever-increasing number of documents that have to be 
archived because they are either related to their core business (e.g., product designs) or 
needed to meet corporate or legal retention requirements (e.g., voucher). In this paper, 
we present the architecture and prototype implementation of SaveMe, a document 
archival system that is based on network-centric groupware such as Internet standards- 
based messaging systems. In SaveMe, the actions of archiving, retriev ... 

Keywords: Internet, archiving, groupware, messaging 



5 Challeng es in distributed systems : Mana ging heterogeneous dis t ribut ed computing Q 
s ystems: usin g information repositories 

Gerald A. Winters, Toby J. Teorey 

October 1993 Proceedings of the 1993 conference of the Centre for Advanced Studies 
on Collaborative research: distributed computing - Volume 2 CASCON 
•93 

Publisher: IBM Press 

Full text available: ^£|pdf(1.20 MB ) Additional Information: full citation , abstra ct, r eferenc es, citings 

An integral part of managing heterogeneous distributed computing systems is an 
information repository. The ultimate goal of our research is to specify a methodology for 
the design, analysis, and comparison of information repositories for such systems. We 
first outline the general characteristics of data repositories, including requirements and 
data model features. Then we build an experimental prototype system to test two 
candidate repositories: X.500 and AFS (Andrew File System). Performance an ... 

6 A sim ple virtual or g anisation model and practical implementation Q 
Lyle J. Winton 

January 2005 Proceedings of the 2005 Australasian workshop on Grid computing and 
e-research - Volume 44 ACSW Frontiers '05 

Publisher: Australian Computer Society, Inc. 

Full text available: ^pdf(315.22 KB ) Additional Information: full citation , abstract , references, mdeaLterms 

The development of Grid middleware, such as the Globus Toolkit version 2, reached a 
level of maturity and stability in which it was possible to create widely distributed 
resource Grids; Within the last few years various experiences have arisen from the 
construction of such Grids and so called "testbeds". The purpose of this paper is to 
highlight some of the problems, propose some simple solutions, and to report on the 
development of prototype implementations. The focus of this paper is on soluti ... 

Keywords: computing, globus, grid, virtual organisations 
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Full text available: 153 pdf( 678.34 KB ) 

terms 

XML (extensible Markup Language) has emerged as a prevalent standard for document 
representation and exchange on the Web. It is often the case that XML documents contain 
information of different sensitivity degrees that must be selectively shared by (possibly 
large) user communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. Mechanisms 
are also required enabling a secure and selective dissemina ... 
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on Collaborative research CASCON '94 
Publisher: IBM Press 
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Distributed computing systems are composed of various types and sizes of resources. 
Providing a reliable and efficient distributed computing environment largely depends on 
the effective management of these resources. ISO has begun work on a proposed 
standard for Open Distributed Processing (ODP). The ODP framework includes a 
mechanism called the Trader which provides a framework for exchanging services in an 
open distributed computing environment. This paper presents a design of Trader-Based 
Res ... 
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November 2003 Proceedings of the 2003 ACM/IEEE conference on Supercomputing SC 
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Publisher: IEEE Computer Society 
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A Grid Information Service (GIS) stores information about the resources of a distributed 
computing environment and answers questions about it. We are developing RGIS, a GIS 
system based on the relational data model. RGIS users can write SQL queries that search 
for complex compositions of resources that meet collective requirements. Executing these 
queries can be very expensive, however. In response, we introduce the nondeterministic 
query, an extension to the SELECT statement, which allows the u ... 

Managing data derived from multiple sources in an X.500 Director y Q 
Paul Barker 

July 1991 ACM SIGCOMM Computer Communication Review, volume 21 issue 3 
Publisher: ACM Press 

Full text available: ^|pdf (691.72 KB ) Additional Information: full citation , abstract , index terms 

X.500 Directories will not often be used as the master source of data until the Directory is 
well established, and the technology trusted. Until then there will remain the substantial 
problem of keeping an X.500 Directory up-to-date, frequently from a number of sources. 
Usually the volume of data will require that maintenance procedures are as automated as 
possible. However, naive procedures will not suffice for a number of reasons: different 
sources will name the same object differently; differe ... 

11 Secure and flexible certificate access in WS-securit v throug h LDAP co mponent Q 
matchin g 

Sang Seok Lim, Jong Hyuk Choi, Kurt D. Zeilenga 

October 2004 Proceedings of the 2004 workshop on Secure web service SWS *04 
Publisher: ACM Press 

Full text available: ^| pdf(349.56 KB ) Additional Information: full citation , abstract , references , index terms 

As an integral part of the Web Services Security (WS-Security), directory services are 
used to store and access X.509 certificates. Lightweight Directory Access Protocol (LDAP) 
is the predominant directory access protocol for the Internet, and hence for the Web 
services. Values of LDAP attribute and assertion value syntaxes, though defined using 
ASN.l, are encoded in simple octet string formats which generally do not preserve the 
complete structure of the abstract values. As a result, LDAP match ... 

Keywords: LDAP, PKI, X.509 certificate, certificate repository, component matching 
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Web presence has become a key consideration for the majority of companies and other 
organizations. Besides being an essential information delivery tool, the Web is 
increasingly being regarded as an extension of the organization itself, directly integrated 
with its operating processes. As this transformation takes place, security grows in 
importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication 
and access management, technologies that have begun to emerge in the com ... 

Keywords: Access control, WWW security, Web servers, authorization management 
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This article presents the mechanisms in Windows 2000 that enable fine-grained and 
centrally managed access control for both operating system components and applications. 
These features were added during the transition from WindowsNT 4.0 to support the 
Active Directory, a new feature in Windows 2000, and to protect computers connected to 
the Internet. While the access control mechanisms in Windows NT are suitable for file 
systems and applications with simple requirements, they fall short of the ... 

Keywords: Access control lists, Microsoft Windows 2000, Windows NT, active directory 
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The Role-Based Access Control (RBAC) model is traditionally used to manually assign 
users to appropriate roles. When the service-providing enterprise has a massive customer 
base, assigning users to roles ought to be automated. RB-RBAC (Rule-Based RBAC) 
provides the mechanism to dynamically assign users to roles based on a finite set of 
authorization rules defined by the enterprise's security policy. These rules may have 
seniority relation among them, which induces a roles hierarchy. The main con ... 

Keywords: RBAC, access control, attributes, authorization rules, roles, roles hierarchies 
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The OSI directory system manages a distributed directory information database of named 
objects, defining a hierarchical relationship between the objects. An object consists of a 
set of attributes as determined by a particular class. Attributes are tuples that include a 
type and one or more values.This paper presents an overview of the X.500 standard and 
describes extensions to the standard to provide user agents with a means of handling 
atomic transactions. The new interface allows any sequence ... 
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Here's a flexible solution for hosting mail for many domains on one server. 
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In this paper, the potential role and feasibility of the X.500 Directory Service within the 
CORDS management services is studied. A simple network monitoring application was 
adapted to use a prototype X.500 Directory Service for (1) device information, (2) 
application information, and (3) for compiling summary information on network load. This 
study is a first step towards the understanding of the possible role of the Directory 
Service in the management of distributed systems and applications. T ... 
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The Directory Service and the Multidatabase Service are two important components of the 
execution environment for distributed applications being developed within CORDS. We 
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believe that a strong relationship should exist between these two services and discuss a 
possible architecture in which the catalog for the multidatabase service (the MDBS 
Catalog) is kept within the directory service. We describe the requirements of the MDBS 
Catalog: expected contents, expected types and frequencies of access ... 
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Location-aware applications are becoming increasingly attractive due to the widespread 
dissemination of wireless networks and the emergence of small and cheap locating 
technologies. We developed a location information server that simplifies and speeds up 
the development of these applications by offering a set of generic location retrieval and 
notification services to the application. The data model and the access protocols of these 
services are based on the X.500 directory service and the I ... 
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Today, organizations deal with an ever-increasing number of documents that have to be 
archived because they are either related to their core business (e.g., product designs) or 
needed to meet corporate or legal retention requirements (e.g., voucher). In this paper, 
we present the architecture and prototype implementation of SaveMe, a document 
archival system that is based on network-centric groupware such as Internet standards- 
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As an integral part of the Web Services Security (WS-Security), directory services are 
used to store and access X.509 certificates. Lightweight Directory Access Protocol (LDAP) 
is the predominant directory access protocol for the Internet, and hence for the Web 
services. Values of LDAP attribute and assertion value syntaxes, though defined using 
ASN.l, are encoded in simple octet string formats which generally do not preserve the 
compleite structure of the abstract values. As a result, LDAP match ... 
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XML {extensible Markup Language) has emerged as a prevalent standard for document 
representation and exchange on the Web. It is often the case that XML documents contain 
information of different sensitivity degrees that must be selectively shared by (possibly 
large) user communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. Mechanisms 
are also required enabling a secure and selective dissemina ... 
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The development of Grid middleware, such as the Globus Toolkit version 2, reached a 
level of maturity and stability in which it was possible to create widely distributed 
resource Grids. Within the last few years various experiences have arisen from the 
construction of such Grids and so called "testbeds". The purpose of this paper is to 
highlight some of the problems, propose some simple solutions, and to report on the 
development of prototype implementations. The focus of this paper is on soluti ... 
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Distributed computing systems are composed of various types and sizes of resources. 
Providing a reliable and efficient distributed computing environment largely depends on 
the effective management of these resources. ISO has begun work on a proposed 
standard for Open Distributed Processing (ODP). The ODP framework includes a 
mechanism called the Trader which provides a framework for exchanging services in an 
open distributed computing environment. This paper presents a design of Trader-Based 
Res ... 
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Web presence has become a key consideration for the majority of companies and other 
organizations. Besides being an essential information delivery tool, the Web is 
increasingly being regarded as an extension of the organization itself, directly integrated 
with its operating processes. As this transformation takes place, security grows in 
importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication 
and access management, technologies that have begun to emerge in the com ... 
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This article presents the mechanisms in Windows 2000 that enable fine-grained and 
centrally managed access control for both operating system components and applications. 
These features were added during the transition from Windows NT 4.0 to support the 
Active Directory, a new feature in Windows 2000, and to protect computers connected to 
the Internet. While the access control mechanisms in Windows NT are suitable for file 
systems and applications with simple requirements, they fall short of the ... 
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The Role-Based Access Control (RBAC) model is traditionally used to manually assign 
users to appropriate roles. When the service-providing enterprise has a massive customer 
base, assigning users to roles ought to be automated. RB-RBAC (Rule-Based RBAC) 
provides the mechanism to dynamically assign users to roles based on a finite set of 
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authorization rules defined by the enterprise^ security policy. These rules may have 
seniority relation among them, which induces a roles hierarchy. The main con ... 
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X.500 Directories will not often be used as the master source of data until the Directory is 
well established, and the technology trusted. Until then there will remain the substantial 
problem of keeping an X.500 Directory up-to-date, frequently from a number of sources. 
Usually the volume of data will require that maintenance procedures are as automated as 
possible. However, naive procedures will not suffice for a number of reasons: different 
sources will name the same object differently; differe ... 
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The administration of users and access rights in large enterprises is a complex and 
challenging task. Role-based access control (RBAC) is a powerful concept for simplifying 
access control. In particular, Enterprise Roles spanning across different IT systems are 
increasingly used as a basis for company-wide security management. However, the 
administration of roles in large organisations can become quite cumbersome and needs to 
be automated. During the past years, rules have been used to support au ... 
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In this paper, the potential role and feasibility of the X.500 Directory Service within the 
CORDS management services is studied. A simple network monitoring application was 
adapted to use a prototype X.500 Directory Service for (1) device information, (2) 
application information, and (3) for compiling summary information on network load. This 
study is a first step towards the understanding of the possible role of the Directory 
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The Directory Service and the Multidatabase Service are two important components of the 
execution environment for distributed applications being developed within CORDS. We 
believe that a strong relationship should exist between these two services and discuss a 
possible architecture in which the catalog for the multidatabase service (the MDBS 
Catalog) is kept within the directory service. We describe the requirements of the MDBS 
Catalog: expected contents, expected types and frequencies of access ... 

17 An architecture for WWW-based h y percode environments Q 
^ Gail E. Kaiser, Stephen E. Dossick, Wenyu Jiang, Jack Jingshuang Yang 

May 1997 Proceedings of the 19th international conference on Software engineering 

ICSE '97 
Publisher: ACM Press 

Full text available: fj?l pdfH.84 MB ) Additional Information: full citation , references , citings, index terms 



18 A compressed accessibilit y ma p for XML 

Ting Yu, Divesh Srivastava, Laks V. S. Lakshmanan, H. V. Jagadish 
June 2004 ACM Transactions on Database Systems (TODS), Volume 29 issue 2 

Publisher: ACM Press 

Additional Information: full citat ion, abs trac t, references, citings, index 



Full text available: m p_df(5_28.Q0 KB) 

terms 

XML is the undisputed standard for data representation and exchange. As companies 
transact business over the Internet, letting authorized customers directly access, and 
even modify, XML data offers many advantages in terms of cost, accuracy, and 
timeliness. Given the complex business relationships between companies, and the 
sensitive nature of information, access must be provided selectively, using sophisticated 
access control specifications. Using the specification directly to determine if a us ... 
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information repository/The ultimate goal of our research is to specify a methodology for 
the design, analysis, and comparison of information repositories for such systems. We 
first outline the general characteristics of data repositories, including requirements and 
data model features. Then we build an experimental prototype system to test two 
candidate repositories: X.500 and AFS (Andrew File System). Performance an ... 
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The X.500 Standard has been proposed as the basis for a directory service in distributed 
systems. There is some question as to whether it is suited to this use. This paper 
describes the initial work on the development of an X.500 simulation testbed to be used in 
investigating the behaviour of X.500 directories in large distributed environments. The 
initial version of the testbed has been developed using the Quipu prototype 
implementation of X.500 and the Nest network simulation tool. The long-te ... 

Results 1 - 20 of 200 Result page: 1 2345678910 next 

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2007 ACM, Inc. 
Terms oLUsage Priyacy^PoHcy. Code of Ethics Contac t Us 

Useful downloads: Adobe Acrobat Q QuickTime fil Windows Media Pla yer ^> Real Player 



http://portal.acm.org/re^ 



9/27/2007 



